Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2992: 2022/CVE-2022-2992.json · master · GitLab.org / cves · GitLab

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

CVE
#vulnerability#js#git#rce#auth

🤖 GitLab Bot 🤖 authored Oct 17, 2022

Related news

GitLab GitHub Repo Import Deserialization Remote Code Execution

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907